The CARICOM governance paradox: Building free movement in a region without privacy

When CARICOM announced that citizens of Barbados, Belize, Dominica, and St Vincent and the Grenadines would soon enjoy the right to live and work freely across each other’s borders, it marked a watershed moment in decades of talk about a borderless Caribbean. But beneath the optimism lies a structural dilemma: how do we ensure safe and effective free movement in a region where data protection is fragmented, privacy oversight is weak, and the very definition of “CARICOM citizen” varies by state? We cannot make free movement real without shared identity verification — yet we cannot responsibly build such a system when privacy maturity remains uneven across our member states.

The mobility imperative

The case for a CARICOM-wide identification framework is compelling. The right to move, live and work across borders cannot depend solely on national IDs or passports, because those documents reflect national citizenship, not necessarily regional entitlement.

Under the Revised Treaty of Chaguaramas, the freedom to move and work is a CARICOM right attached to CARICOM nationals — citizens of member states participating in the Single Market. But because citizenship is defined by domestic law, the same treaty-based right plays out differently depending on how each country defines its citizens.

Consider this: a person denied residency in Barbados could purchase citizenship in Dominica through its Citizenship by Investment Programme and reappear as a CARICOM national entitled to move freely. They would now have the right to reside and work in Barbados, not because of any regional connection, but because they bought citizenship in another member state.

The free movement regime was designed to integrate the Caribbean’s people — to make it easier for teachers, technicians, accountants and artistes to move where opportunity calls. It was never meant to be a side effect of global investment migration. Yet without a standardised, regionally managed credential, there’s no practical way to distinguish between these categories at the operational level.

This is why a CARICOM Mobility ID — a credential rooted in treaty rights rather than national discretion — makes sense. It would verify the basis of entitlement (for example, skilled national status or enhanced cooperation membership) and provide interoperable recognition of that status across participating states. It would not replace national citizenship but rather certify the holder’s lawful right to live and work anywhere within the free movement area.

Most importantly, this would move the region beyond passports as the only proof of belonging, towards a fairer and more reliable way to confirm who truly has the right to live and work across CARICOM.

The privacy deficit

Yet the technical logic of integration runs headlong into the region’s institutional weakness. Most CARICOM states have either weak, outdated, or incomplete data protection regimes — and even where strong laws exist, enforcement remains aspirational.

Barbados and Belize have modern GDPR-inspired frameworks that establish Data Protection Commissioners and individual rights, though practical enforcement remains limited. St Vincent passed a Privacy Act in 2003 that has never been brought into force.

Dominica lacks a modern data protection law altogether — no independent oversight authority, no breach notification requirement, no structured redress for citizens.

This disparity means that personal data could flow freely between states with vastly different levels of protection. Once information crosses from Barbados or Belize into a jurisdiction without active regulation, the rights of the individual effectively disappear.

In such a landscape, any attempt to build a regional digital ID system risks magnifying the weakest link. It’s not simply a matter of technology — it’s a matter of governance capacity, legal enforceability and trust.

The legal patchwork problem

The legal fragmentation across CARICOM is more than an inconvenience; it’s a liability. If a regional identity database were to suffer a breach, Barbados might investigate, Belize might caution, and the others might do nothing. The same dataset would be simultaneously protected and ignored, depending on where it resides.

This uneven legal terrain makes mutual trust almost impossible. Integration can only be as strong as its weakest member state — and on privacy, those weaknesses are glaring.

The European Union resolved this dilemma by creating a single data governance framework — the General Data Protection Regulation (GDPR) and the Electronic Identification, Authentication and Trust Services Regulation (eIDAS) — which together ensure that every member state meets the same privacy and digital identity standards. CARICOM, by contrast, operates under a decentralised treaty system that prioritises national sovereignty. That sovereignty, however, is now the very thing threatening to fragment the regional project it was designed to protect.

The path forward

The way out of this paradox is to treat data governance as the foundation of integration, not as optional. CARICOM should develop a CARICOM Data Protection Treaty — a shared legal and institutional framework that ensures equivalent safeguards across borders.

Such a compact could establish a network of national Data Protection Authorities bound by common principles, create a small oversight office within the CARICOM Secretariat, and require member states to meet minimum privacy standards before participating in any regional identity scheme. This would embed “privacy by design” into the architecture of free movement, ensuring that rights travel with the individual, not just their data.

A phased approach makes sense. The initial Mobility ID pilot could launch among the four early-adopting states — Barbados, Belize, Dominica, and St Vincent and the Grenadines — with technical assistance directed towards raising Dominica’s and St Vincent’s privacy capacities to minimum compliance thresholds. Over time, other member states could join as they reach readiness.

Integration with trust

CARICOM’s dream of integration has always been about people — about the right to belong anywhere in the Caribbean. But integration in the digital age is not just about open borders; it’s about trusted systems. It’s about knowing that when your personal information crosses into another jurisdiction, your rights don’t vanish at the border.

If the region rushes into digital identity without strong privacy foundations, it risks eroding the very trust it needs to make integration sustainable. Citizens could begin to view free movement not as liberation, but as surveillance.

But if CARICOM takes the harder route — harmonising data laws, enforcing privacy standards and embedding transparency into its governance — then the Mobility ID could become a symbol of both unity and accountability. It would demonstrate that the Caribbean can integrate responsibly, respecting its citizens as much as its ambitions.

Free movement is a noble goal, but freedom without protection is fragile.

steven@dataprivacy.bb